Robustifying models against adversarial attacks by Langevin dynamics. (May 2021)

Record Type:
Journal Article
Title:
Robustifying models against adversarial attacks by Langevin dynamics. (May 2021)
Main Title:
Robustifying models against adversarial attacks by Langevin dynamics
Authors:
Srinivasan, Vignesh
Rohrer, Csaba
Marban, Arturo
Müller, Klaus-Robert
Samek, Wojciech
Nakajima, Shinichi
Abstract:
Abstract: Adversarial attacks on deep learning models have compromised their performance considerably. As remedies, a number of defense methods were proposed, which however, have been circumvented by newer and more sophisticated attacking strategies. In the midst of this ensuing arms race, the problem of robustness against adversarial attacks still remains a challenging task. This paper proposes a novel, simple yet effective defense strategy where off-manifold adversarial samples are driven towards high density regions of the data generating distribution of the (unknown) target class by the Metropolis-adjusted Langevin algorithm (MALA) with perceptual boundary taken into account . To achieve this task, we introduce a generative model of the conditional distribution of the inputs given labels that can be learned through a supervised Denoising Autoencoder (sDAE) in alignment with a discriminative classifier. Our algorithm, called MALA for DEfense (MALADE), is equipped with significant dispersion—projection is distributed broadly. This prevents white box attacks from accurately aligning the input to create an adversarial sample effectively. MALADE is applicable to any existing classifier, providing robust defense as well as off-manifold sample detection. In our experiments, MALADE exhibited state-of-the-art performance against various elaborate attacking strategies.
Is Part Of:
Neural networks. Volume 137(2021)
Journal:
Neural networks
Issue:
Volume 137(2021)
Issue Display:
Volume 137, Issue 2021 (2021)
Year:
2021
Volume:
137
Issue:
2021
Issue Sort Value:
2021-0137-2021-0000
Page Start:
1
Page End:
17
Publication Date:
2021-05
Subjects:
Adversarial examples -- Robustness -- Langevin dynamics
Neural computers -- Periodicals
Neural networks (Computer science) -- Periodicals
Neural networks (Neurobiology) -- Periodicals
Nervous System -- Periodicals
Ordinateurs neuronaux -- Périodiques
Réseaux neuronaux (Informatique) -- Périodiques
Réseaux neuronaux (Neurobiologie) -- Périodiques
Neural computers
Neural networks (Computer science)
Neural networks (Neurobiology)
Periodicals
006.32
Journal URLs:
http://www.sciencedirect.com/science/journal/08936080
http://www.elsevier.com/journals
DOI:
10.1016/j.neunet.2020.12.024
Languages:
English
ISSNs:
0893-6080
Deposit Type:
Legaldeposit
View Content:
Available online (eLD content is only available in our Reading Rooms)
Physical Locations:
British Library DSC - 6081.280800
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
Ingest File:
25582.xml